Multi-factor authentication is great when it works, but when it doesn’t, it can leave you in a pretty difficult situation. After all, what happens when all of a sudden, you cannot access your secondary authentication methods? We’re here to help you bypass this particularly challenging and frustrating scenario.
First, let’s look at how and why you might accidentally get locked out of your MFA methods.
How Might You Get Locked Out of Your MFA Solution?
Multi-factor authentication works by shoring up the problematic password and augmenting it with other, secondary methods of authentication that are more secure. The logic is simple; two keys for a single lock is more effective than one. You might use a password and a fingerprint scan, or a password and a USB key. Here is a brief rundown of various MFA methods:
- Something you know: A password, passphrase, or a PIN.
- Something you have: Something you own or have in your possession is required to access the account, like a key card, smartphone, or hardware-based security key.
- Something you are: Think biometrics, a fingerprint, or retina scan—something to confirm your identity.
By requiring more than just one form of authentication, it becomes much more difficult for an attacker to get into an account.
Of course, requiring two keys also means that if you lose one of them or forget one of them, you cannot access your account, leading to the exact opposite problem of hackers infiltrating your account.
Potential Solutions to Your Dilemma
Rather than give up immediately and start over, let’s consider two paths you might be able to use to gain access to your locked account.
You might be logged in elsewhere.
Most services and applications using MFA will have a website and an app, and chances are at least one of them will still have you logged in, if you’re like most individuals who dislike the hassle of logging into your account every time you have to use it. You can sometimes check the settings to discover an option that will let you temporarily disable two-factor authentication. You will probably have to provide the password, so make sure you don’t accidentally log out until you have finally gotten control of your account again.
Customer support might help.
Customer support might not be the most ideal solution to your problems, but it’s an effective one. Simply put, you never know what’s possible until you ask about what is possible. There might be a simple way you can get back into your account. If there isn’t, there might still be a way too, but it could take up to a couple of days before it takes effect.
Really, the best way to address this issue is to not find yourself in it in the first place. If you have to open a new account just to get around this frustration, make sure you contact the vendor to disable the old account so that no one can take advantage of the old one.
What Other Options Do You Have?
Most modern MFA tools have contingency plans built into them specifically for situations like these. One way is to set up multiple methods of secondary authentication, like having secondary phone numbers, email addresses, or biometrics in place, providing you with more ways to get into your account should you lose access to one of them.
Many MFA platforms also provide users with recovery keys or backup codes that you can use to communicate with the MFA platform, further guaranteeing that you are the designated user. If you generate one of these codes, you’ll want to ensure that it is protected in a safe place, preferably one with encryption.
If you go the security key route, you should consider getting a second key as well, just in case. Some services enable you to get multiple keys tied to your account specifically because they understand how easy it is to lose something important like this. Plus, if you ever upgrade your key, you’ll have the old one to use as a backup.
Let’s Make Sure Your IT Works
One of our big responsibilities as a managed service provider is making sure you get the value you expect out of your technology, which includes accessing your resources and accounts as needed. We can help you ensure that you are always connected to what makes your business run. To learn more, reach out to us at (505) 242-5683.